
Lion

Ok, so Lion has been released and the books on using it are starting to roll off the presses. What about all the supposed new security features that are rumored to have been built in? How is the whole disk encryption? Is it enterprise manageable? How is the auditing utility that is supposedly a rival for Microsoft's event viewer? Other new security features or links to *solid* reviews and whitepapers?

1. Disk encryption is relatively useless on anything outside of laptops. It also offers little or no protection against remote attacks
2. Apple still has not addressed the fundamental flaws with the package management system, paths to root, weak sandboxing, and improper/partial implementation of DEP and ASLR.
3. Auditing is still suspect on any system that does not support CAF functionality; add that to the lack of a reference monitor and the logs are not truly trustworthy.
4. The management utilities have had mixed reviews. Some people love it, others absolutely despise it due to reduced functionality.

Most of the admins I know are refusing to upgrade and advising clients to switch to more secure/manageable Linux or Windows platforms.

I am afraid that misses the point. Encryption has been around for thousands of years (Caesar Code?), and its purpose is to protect information whilst it is in transit.

In recent years there have been numerous balls-ups where people just haven't realised what "in transit" really means. You don't have to be sending things to someone, information is in transit as soon as it leaves your physical security perimeter, for whatever reason.

Basically, sensitive data on any electronic storage media that leaves your site should be encrypted, even though that is technically a last resort, as it implies that your data can be accessed by the wrong people.

Once you are within your physical security perimeter then encryption is of little value as you have to decrypt the data to use them, and then they can be intercepted or accessed.

I would argue that encryption would be counter productive in this scenario as:

1. It introduces a considerable processing overhead.
2. It could lead to a false sense of security and bad habits elsewhere.

As for Apple............whole disk/medium encryption is not rocket science so I would expect theirs to be as good as any other, from a security viewpoint.

Likewise I would expect it to be as "enterprise manageable" as any other.

I wouldn't know about the rest as I have no intention of using Apple or their operating systems. But I would say that the company is pretty cautious in its developments, so I wouldn't expect anything spectacular.

I do not recall an ME or a Vista from Apple

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

OK, let's have some serious security talk here, and expand this thread a bit?

Courts over here generally have a very low level of knowledge of IT in general and security in particular...... I don't know what it is like with you?

So, if you are up on a due diligence charge it would be nice to say that "I used the Apple recommended and provided disk encryption software". That should get you some pretty slick lawyers courtesy of Apple?

Disk encryption in general is a pretty good cover your ass strategy at the moment?

However, you do need to be consistent, as it would be worse than embarrassing if your encrypted laptop was stolen, and had unencrypted DVDs containing confidential data in the bag. That's why I made a fuss about other media. By encrypting the HDD you have admitted that you understand security issues...........the unencrypted stuff indicates reckless indifference?

So I guess the next question would be "OK, I can encrypt my HDD, but is there the facility to encrypt the backups and any files that I might copy to other portable media?"

No big deal if there isn't, but you do need to know.

So, if you are up on a due diligence charge it would be nice to say that "I used the Apple recommended and provided disk encryption software". That should get you some pretty slick lawyers courtesy of Apple?

I doubt Apple would be recognized as a source of realistic security advice/technology. That being said, I would concentrate on the underlying technology. "Well, we were using full disk encryption with 256 bit keystrength and AES-CBC cipher" with supporting examples of inefficiency of attacks against the full 14 round AES cycle, etc. Maybe even an entropy analysis of the key guidelines without disclosing the actual key.
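The "entropy analysis of the key guidelines" suggested above, as an added example (not code from the thread or from Apple): it estimates the entropy a passphrase policy guarantees, compares it with the 256-bit AES key strength quoted, and reports which of the two is the weakest link. The policy table and the guess rate are constructed assumptions, and no real key is involved.

```python
import math

# Constructed character-class sizes for a passphrase policy (assumption, not from the thread).
CHARSET_SIZES = {
    "digits": 10,
    "lower": 26,
    "mixed": 52,
    "mixed_digits": 62,
    "printable_ascii": 95,
}

AES256_KEY_BITS = 256  # the cipher key strength quoted in the thread


def policy_entropy_bits(charset, min_length):
    """Entropy (bits) of a uniformly random passphrase of min_length drawn
    from the policy's character set: log2(size ** min_length)."""
    return min_length * math.log2(CHARSET_SIZES[charset])


def effective_key_bits(charset, min_length, key_bits=AES256_KEY_BITS):
    """A 256-bit key derived from a passphrase is only as strong as the
    passphrase, so the effective strength is the smaller of the two."""
    return min(key_bits, policy_entropy_bits(charset, min_length))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def analyze(charset, min_length, guesses_per_second=1e9):
    """Summarise a policy: entropy, effective key strength, weakest link."""
    entropy = policy_entropy_bits(charset, min_length)
    effective = effective_key_bits(charset, min_length)
    return {
        "policy_entropy_bits": round(entropy, 1),
        "effective_key_bits": round(effective, 1),
        "weakest_link": "passphrase" if entropy < AES256_KEY_BITS else "cipher key",
        "years_to_exhaust": years_to_exhaust(effective, guesses_per_second),
    }


if __name__ == "__main__":
    for charset, length in (("digits", 8), ("mixed_digits", 12), ("printable_ascii", 40)):
        print(charset, length, analyze(charset, length))
```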

I doubt Apple would be recognized as a source of realistic security advice/technology.

That is absolutely true, and I mean no disrespect to Apple there. It isn't an area where you would want the supplier up close and personal.

I am afraid that my point was rather more crude than you gave me credit for (thanks for that, you can come again).

It's like when there is a line of guys/gals in beamers, mercs and porsches outside your door wearing Armani suits (or Yves St Laurent/Balmain) .......they will be the best lawyers that money can buy.........but it won't be your money, it will be "pro bono"....... but you know where the funding will have come from?

Yes, I am getting to be a very cynical "bar steward" in my old age. If it came to a lawsuit I would want the Apple and MS legal teams behind me, but not so obviously as to admit corporate involvement?
